Dell S50V Switch User Manual


8 IP Access Control Lists (ACL), Prefix Lists, and Route-maps
IP Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: c e s
Ingress IP ACLs are supported on platforms: c e s
Egress IP ACLs are supported on platform: e
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based
on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and
Route-maps. For MAC ACLs, refer to the Access Control Lists (ACLs) chapter in the FTOS Command
Line Reference Guide.
An ACL is essentially a filter containing criteria to match (against IP, TCP, or UDP packets) and an
action to take (permit or deny). ACLs are processed in sequence, so that if a packet does not match the
criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the
switch drops or forwards the packet based on the filter's specified action. If the packet does not match any
of the filters in the ACL, the packet is dropped (implicit deny).
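The first-match and implicit-deny behaviour described above, modelled in Python as an added example (not from the Dell manual and not FTOS syntax). It also flags filters that can never decide a packet because an earlier filter covers them, a common audit finding in ordered ACLs. The Filter class, its field names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:  # hypothetical model of one ACL filter, not FTOS syntax
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol, else "tcp"/"udp"
    src: str                        # source network, CIDR
    dst: str                        # destination network, CIDR
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto not in ("ip", pkt["proto"]):
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == pkt.get("dst_port")

def evaluate(acl, pkt):
    """First matching filter decides; index None means the implicit deny applied."""
    for i, f in enumerate(acl):
        if f.matches(pkt):
            return f.action, i
    return "deny", None

def covers(a: Filter, b: Filter) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (a.proto in ("ip", b.proto)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and (a.dst_port is None or a.dst_port == b.dst_port))

def unreachable_filters(acl):
    """Indexes of filters that can never decide a packet (covered by an earlier one)."""
    return [j for j, b in enumerate(acl) if any(covers(a, b) for a in acl[:j])]

# Constructed sample ACL and packets (documentation address ranges).
ACL = [
    Filter("permit", "ip", "10.0.0.0/8", "0.0.0.0/0"),
    Filter("deny", "tcp", "10.1.2.0/24", "192.0.2.10/32", 23),  # never reached
    Filter("permit", "udp", "172.16.0.0/12", "192.0.2.53/32", 53),
]
TELNET = {"proto": "tcp", "src": "10.1.2.5", "dst": "192.0.2.10", "dst_port": 23}
STRAY = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dst_port": 80}

if __name__ == "__main__":
    print(evaluate(ACL, TELNET), evaluate(ACL, STRAY), unreachable_filters(ACL))
```

In the sample, the Telnet deny sits behind a broader permit and so never takes effect; moving it ahead of the permit changes the decision for the same packet.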
The number of ACLs supported on a system depends on your CAM size. See CAM Profiling, CAM
Allocation, and CAM Optimization in this chapter for more information. Refer to Chapter 11, Content
Addressable Memory, on page 281 for complete CAM profiling information.
This chapter covers the following topics:
IP Access Control Lists (ACLs) on page 134
CAM Profiling, CAM Allocation, and CAM Optimization on page 134
Implementing ACLs on FTOS on page 137
IP Fragment Handling on page 138
Configure a standard IP ACL on page 140
Configure an extended IP ACL on page 143
Configuring Layer 2 and Layer 3 ACLs on an Interface on page 146